The SSL pinning means dropbox application does know the fingerprint of the certificate of the connection out-of-band and will simply refuse to work with another (even trusted one).
It is not possible to change this behaviour without recompiling unless developers of dropbox has some "managed" mode... See http://docs.diladele.com/faq/squid/dropbox.html Best regards, Rafael Op 1 sep. 2015 om 00:55 heeft Stanford Prescott <stan.presc...@gmail.com<mailto:stan.presc...@gmail.com>> het volgende geschreven: Yes, SSLBump still works with the web apps, but it would be a lot more convenient if the mobile apps would also work. Does anyone know how to pin Squid's self-signed certificate's public key to Googledrive and Dropbox so that it would work with SSLBump enabled? Stan On Mon, Aug 31, 2015 at 3:29 PM, Yuri Voinov <yvoi...@gmail.com<mailto:yvoi...@gmail.com>> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 BTW, GoogleDrive web application still works with bump. Use it, Luke ;) 01.09.15 2:21, Jason Haar ?????: > On 01/09/15 02:59, Shane King wrote: >> Accessing via the browser may work but the sync clients that sit in >> the system tray use certificate pinning I believe. So if certificate >> pinning is being used, ssl bumping will not work. You will see an >> alert message in the pcap followed by a connection termination. > > This stopped working for me last week - I suspect there was an update or > something > > Really frustrating: one of the primary reasons I want to do TLS > intercept is to AV all the viruses published on dropbox!!! > > If the Cloud providers go full pinning, the future of TLS Intercept is bleak > > > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJV5LkrAAoJENNXIZxhPexGH9oH/AyK089Jek7yb/YPB16jAKPJ LnKgKPQ4r8lu3wm5o4JuOXF6mun79fGVW9dymB5rasTJlHiCHrvXEK4G2KqyRg3B 57TdvHuLhHr+IE0jcpMpk6n/pbdHzYJwkbplTd9HNApw+/LJpfxXVzQZsspJJC58 e12pMXL+i5Dv2vEYLEeySVnDN0mtuBdxD7lxDWFDFDbfBZvoGHEptOQYR3lelEet xEIds+sNYrjYPK8a9BuiKSK0IqQ5mxhsbUIg4Z7LxyKv3+sTV+aW3HMdKkMoc5t8 bPCHec1eIxU7p9lgyKGn2HXtV1WQ5MAeOuI9YHGqdeSfgCPfT1wYF2imiHC9ez8= =2wPb -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
